A new survey conducted by Porter Research for Healthcare & Life Sciences titled “Severity and Frequency of Cyberattacks Drive Urgency, Investment” has revealed the healthcare industry’s increased vulnerability to cyber threats due to the rapid pace of digital transformation in recent years. This transformation has created vulnerabilities in healthcare organizations’ cybersecurity, making them more susceptible to cyberattacks.
The survey was conducted from November 2022 through January 2023 and included more than 100 IT and business leaders across the provider, payer, and pharmaceutical/life sciences industries. The survey results reveal an alarming concern among leaders about their preparedness to prevent and mitigate ransomware attacks, along with an enhanced focus on the medical ecosystem and sustainability.
As Microsoft’s Digital Defense Report notes, cybercriminals have evolved their tactics from basic malware to ransomware and credential harvesting, highlighting the progressive sophistication of hackers targeting healthcare organizations. This increased sophistication is concerning, as the American Hospital Association acknowledges that cybercriminals are often more skilled and organized than in the past. The Porter Research survey results echo these concerns, with 100% of leaders noting “growing hacker sophistication” as the primary driver behind the increase in ransomware attacks. These findings highlight the urgent need for healthcare organizations to invest in robust security measures to protect against cyber threats.
Moreover, the healthcare industry is uniquely at risk due to the rapid pace of change in recent years, including the addition of virtual care services and the expansion of the Internet of Medical Things, which propelled innovation in healthcare at a dizzying pace. Accelerating digitization drove many healthcare organizations to modernize their technology faster than their traditional security protocols and practices, which left them more prone to cyberattacks. What were previously nefarious attacks and breaches are now shifting toward more demands for ransom through highly targeted, highly coordinated activity.
In addition, the survey revealed that 60% of leaders are not fully confident in the technologies they use to prevent and mitigate ransomware attacks. Additionally, 81% of leaders rely on basic cybersecurity methodologies, such as email filtering and firewalls, as their primary defense mechanisms against cyberattacks. These findings suggest that healthcare organizations need to invest in more sophisticated technologies and practices to better protect against cyber threats.
To address these vulnerabilities, healthcare organizations are increasing their investments aimed at preventing and mitigating ransomware attacks. The study found that 82% of leaders are increasing their investments in cybersecurity this year, highlighting the industry’s recognition of the need to prioritize cybersecurity in the digital age. Furthermore, 85% of leaders place mitigating cyberattacks as a “high” or “very high priority” in 2023. The report notes that healthcare organizations face unique challenges when it comes to cybersecurity. Unlike other leading industries, such as manufacturing, retail, and media, healthcare involves millions of workers performing manual tasks like patient intake, medical documentation, and medical billing with millions of patients’ sensitive medical data. Patient medical records sell on the dark web for as much as $1,000 per record compared with financial records, which are valued at $20 to $110, and Social Security numbers at $1.
The healthcare industry needs to recognize the urgent need to prioritize cybersecurity measures as it faces an increasingly sophisticated threat from cybercriminals. As digital transformation continues to shape the industry, healthcare organizations must invest in technologies and practices that can prevent and mitigate cyber threats. It is essential to understand the high stakes of cyberattacks, given the sensitive nature of medical data and the potential impact on patient safety. With the right investments and a focus on cybersecurity, healthcare organizations can protect themselves from these threats and ensure the safety and well-being of their patients.